4.12 Reusing passwords for several connections

Sometimes it is necessary to connect to the same remote host several
times. Reentering passwords again and again would be annoying, when
the chosen method does not support access without password prompt
through own configuration.

The best recommendation is to use the method’s own mechanism for
password handling. Consider ssh-agent for ssh-like
methods, or pageant for plink-like methods.

However, if you cannot apply such native password handling,
TRAMP offers alternatives.

4.12.1 Using an authentication file

The package auth-source.el, originally developed in No Gnus,
offers the possibility to read passwords from a file, like FTP does it
from ~/.netrc. The default authentication file is
~/.authinfo.gpg, this can be changed via the variable
auth-sources.

A typical entry in the authentication file would be

machine melancholia port scp login daniel password geheim

The port can be any TRAMP method (see Inline methods,
see External methods), to match only this method. When you omit
the port, you match all TRAMP methods.

4.12.2 Caching passwords

If there is no authentication file, TRAMP caches the passwords
entered by you. They will be reused next time if a connection needs
them for the same user name and host name, independently of the
connection method.

Passwords are not saved permanently, that means the password caching
is limited to the lifetime of your Emacs session. You
can influence the lifetime of password caching by customizing the
variable password-cache-expiry. The value is the number of
seconds how long passwords are cached. Setting it to nil
disables the expiration.

If you don’t like this feature for security reasons, password caching
can be disabled totally by customizing the variable
password-cache (setting it to nil).

Implementation Note: password caching is based on the package
password-cache.el. For the time being, it is activated only
when this package is seen in the load-path while loading
TRAMP.